HOW TO HACK A TESLA MODEL X WITH A MINI PROJECTOR AND DRONE

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/02/05/how-to-hack-a-tesla-model-x-with-a-mini-projector-and-drone/

Sometimes researchers and cybersecurity specialists don’t detect security flaws in some technological developments until they hit the market. In the worst cases, the first to detect these flaws or security loopholes are threat actors, so the work of researchers and security firms is vital to correct these flaws before they are exploited.

Recently, a team of researchers from Ben-Gurion University in Israel published a report detailing a security loophole in autopilot systems used in various smart cars, including the Tesla Model X. According to the researchers, it is possible to employ a drone and a mini projector to deceive these navigation systems, projecting fake images along the way or onto surrounding billboards.

The exploitation of these safety faults would result in unforeseen activation of the car brakes or, in other cases, sudden changes in the course of the car, compromising the physical integrity of the occupants. For testing, cybersecurity experts used a Tesla Model X, as well as an advanced driving assistance system (ADAS) from manufacturer Mobileye.

HACKING AUTOMATIC DRIVING SYSTEMS

Look carefully at the following image; Do you think what you’re seeing is real?

Well, both the Tesla Model X and Mobileye 630 PRO system identified the projected images as real, forcing a change in the car’s actual operation.

Researchers refer to these images as “phantoms”; depthless objects that ADAS and autopilot systems perceive and consider as a real physical object. Projections may vary, including images of people, other cars, road signs or even lanes on the asphalt.

During the experiment, cybersecurity experts used a mini drone-mounted projector. The projection of the ghosts took just 125 milliseconds, enough to cause the Tesla Model X to deviate from the original course.

These projections can also force sudden braking of the Tesla Model X. It is then appreciated how the car slows down significantly after the automatic handling system detected one of these ghosts, identifying it as a real person.

While the exploitation of these loopholes is complex, some security measures need to be considered. According to cybersecurity experts, one way to mitigate the risk of exploitation is to configure ADAS systems to take into account factors such as light reflected in objects and surface, obtaining better detection of real objects and projections without depth.

This is not the first time that security failures are detected in a connected car. A couple of years ago, the International Institute of Cyber Security (IICS) reported a security hole in a Jeep Cherokee that allowed attackers to take control of the car’s critical systems, so multiple models had to be removed from the market.

WHATSAPP WEB FLAW ALLOWS HACKERS TO TAKE CONTROL OF YOUR DESKTOP

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/02/05/whatsapp-web-flaw-allows-hackers-to-take-control-of-your-desktop/

Although rarely exploited, vulnerability testing reports on WhatsApp have become prevalent in the cybersecurity community. The most recent of these reports refers to multiple failures that could alter some aspects in the user interface.

Using his knowledge in JavaScript, researcher Gal Weizman detected multiple vulnerabilities in the messaging service that could be exploited in real-world scenarios, exposing users to serious risks, such as sending malicious links or remote injection of code.

It should be mentioned that the vulnerability testing report mentions that all the flaws discovered by Weizman are found in WhatsApp Web, the desktop version of the messaging service. Its exploitation would allow sophisticated phishing campaigns to be deployed, spread malware, and even some variants of ransomware, putting millions of users at risk.

One of the most serious flaws allows you to evade platform security measures to run cross-site scripts (XSS). By exploiting this vulnerability, malicious actors may obtain read permission on the target device’s local file system to add links or malicious code to a message sent by WhatsApp Web. Running these attacks is possible by simply modifying the JavaScript code of a message before it is sent.

Soon after, a WhatsApp spokesperson mentioned that the company, owned by Facebook, has already received the report, so the bugs were fixed shortly after: “The issue we addressed in the most recent update could have affected thousands of users of WhatsApp Web platform; we appreciate the security investigator’s report.”

While this flaw has already been fixed, similar new threats could appear shortly, so vulnerability testing specialists at the International Institute of Cyber Security (IICS) recommend that you be careful when interacting with a message received via WhatsApp Web containing the text “javascript”, as it is a clear indicator of potentially malicious activity, especially if it is sent from an unknown account.

SAMSUNG GALAXY SMARTPHONES ARE BEING HACKED TO EXTORT VICTIMS

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/01/09/samsung-galaxy-smartphones-are-being-hacked-to-extort-victims/

Celebrities all over the world have become priority targets for cybercriminals, who take advantage of public figures’ meager security risks and data protection for mobile devices knowledge to compromise sensitive information for their own benefit.

This seems to be the case in South Korea, where recent reports claim that Samsung Galaxy smartphones from many celebrities have been hacked. Attackers threaten victims with revealing their private information (contacts, photos, videos, conversations) if they do not receive a ransom.

Apparently the hackers managed to compromise Samsung’s cloud storage to extract confidential information and extort the victim, demanding ransoms of between 50 million South Korean won (over $40k USD) and one billion won ($850k USD). In addition, researchers on data protection methods were able to gather evidence on the attacks, including some leaked confidential files.

Local media claim that the celebrity list is extensive, although the names of those affected by this scam are reserved. However, they claim that the list includes popular actors and actresses, singers, film directors, celebrated chefs, among others, even claim that a young South Korean singer was the victim of this attack and paid the hackers a large sum of money to safeguard your information.

One of the initial reports on the incident identifies actor Zhu Zhenmo as one of the first victims of this extortion campaign; by not responding to threats from hackers, the actor’s private conversations were exposed on the Internet. Data protection specialists believe that public figures are more likely to fall into this kind of blackmail, as they prefer to pay hackers than to expose themselves to public scandals due to the leaking of their private files.

Recently the International Institute of Cyber Security (IICS) reported a potential spyware developed by the Chinese company Qihoo 360 present in the latest Samsung Galaxy models marketed in Asia, so it would be worth while the company review its security standards in the face of the possible presence of a vulnerability exploited by threat actors to steal information and expose users of these devices.

INTERPOL HACKS CRYPTOMALWARE THAT INFECTED MILLIONS OF ROUTERS WORLDWIDE

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/01/09/interpol-hacks-cryptomalware-that-infected-millions-of-routers-worldwide/

Interpol, in collaboration with other agencies, has dealt a severe blow to cybercrime in Asia. The international agency announced the successful conclusion of Operation Goldfish Alpha, which was supported by the information security firm Trend Micro, besides law enforcement agencies and incident response teams in more than 10 countries; this operation focused on the elimination of Coinhive, a cryptocurrency mining malware (aka cryptomalware), which was eradicated from nearly 20k routers.

For half a year, the Interpol Global Complex Innovation (IGCI) worked to detect and remove this variant of malware installed on thousands of hundreds of MicroTok routers, which suffered large-scale infections in multiple Asian countries, such as Brunei, Cambodia, Indonesia, Malaysia, the Philippines, Singapore and Thailand.

Moreover, Trend Micro information security experts prepared a number of very useful information documents for cryptocurrency mining malware victims, so thousands of users learned to update their routers and uninstall the malware. Operation Goldfish concluded at the end of 2019, although thousands of infected devices remain in Asia and the rest of the world.

The international agency estimates that this operation managed to eradicate about 18% of Coinhive infections worldwide, so it is expected that the current number of routers running this cryptomalware will not exceed 110k units, which have not been updated by their administrators.

It should be remembered that this attack, known as cryptojacking, depends on the processing power of the infected machines. Because a router represents minimal computing power, hackers must compromise tens of thousands of routers to achieve the processing power equivalent to a network of a few computers.

According to information security specialists, its weak security settings, in addition to their worldwide use, make routers one of the main targets of threat actors that use cryptojacking to generate profits. Although the generated revenue using this attack is not high, very few resources are required to infect tens of thousands of devices, making it a very lucrative attack variant.

The number of cryptomalware infections has decreased over the last two years, as the latest antivirus tools have the ability to identify these malicious programs. However, an information security report from the International Institute of Cyber Security (IICS) states that threat actors have not stopped and keep develop new and more efficient methods of infection.

Last year, malicious hackers demonstrated their ability to reinvent themselves, developing infection methods based on steganography, allowing them to hide malicious software in images, PDF files and even in WAV-format audio samples with the purpose of evading the detection of antivirus software and infecting as many devices as possible. Whether deploying cryptojacking campaigns, or creating gigantic botnets useful in other attack variants, experts consider it highly likely that steganography-based attacks will reach record activity logs during 2020.

APPLE TO SCAN YOUR PHOTOS AND VIDEOS SEARCHING FOR CHILD PORNOGRAPHY AND REPORT TO AUTHORITIES

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/01/09/apple-to-scan-your-photos-and-videos-searching-for-child-pornography-and-report-to-authorities/

Combating crimes such as possession of child pornography is a complex task and often limited by the privacy, data protection and cybersecurity measures for tech device users, although Apple seems determined to take a proactive approach against these terrible crimes.

Jane Horvath, the company’s chief privacy officer claims that, after an update on user privacy policies, Apple began scanning photos and videos stored on users’ cloud accounts to check if the user has sexually abused children related content.

Jane Horvath at CES 2020

During a press conference, Horvath stated that Apple employs sophisticated image scanning technology for illegal content detection, and the company disables analyzed accounts in the event of founding illegal material; the method employed by Apple is still unknown, but more details could be revealed in the future.

Its privacy and data protection policies have created a number of issues for Apple, especially with law enforcement agencies, which consider the company to interfere with criminal investigations by refusing to unlock tech devices belonging to suspicious individuals or encrypting their messaging services.

However, Apple seems willing to cooperate more extensively with authorities in combating child sex crimes, although they anticipate that communications encryption will not be eliminated: “Removing encryption will not solve this problem, we will use the best available technology to help authorities detect child pornographic material,” Hovarth said during its presentation at the Consumer Electronic Show (ECS) in Las Vegas, where the latest innovations in technology and cybersecurity.

On the other hand, an Apple spokesperson referred to a disclaimer posted on the company’s official website, mentioning that: “We are committed to protecting children throughout the Apple ecosystem, we will continue to support innovation in combating these crimes. To support this commitment, Apple employs image matching technology with a special focus on child exploitation. Just like spam filters on our email service, these systems use electronic signatures to identify illegal material.”

As mentioned above, accounts that store illegal content will be in breach of Apple’s new terms, so they will be disabled.

Although Apple did not go into details about how this technology works, cybersecurity specialists mention that the method is likely to be based on a filtering system known as PhotoDNA, which compares images to a database previously established. This method is used by other companies, such as Google and Facebook.

Regarding iPhone encryption, Horvath defended the company’s stance, after the cybersecurity community anticipated that the FBI would start a new controversy over Equipment developed by Apple. A few weeks ago, the federal agency expressed its rejection of this policy because Apple refused to unlock the iPhone of a guy involved in a tiple homicide in Florida, USA. The International Institute of Cyber Security (IICS) recommends that users wish to learn more about changes in Apple’s policies to target the company’s official platforms.

PRISON SECURITY CAMERAS WERE HACKED; FOOTAGE POSTED ON YOUTUBE

ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/12/26/prison-security-cameras-were-hacked-footage-posted-on-youtube/

Prison life is often difficult, especially when resources available for penitentiary systems are scarce. Just a few days ago, after the alleged hack into the surveillance camera system at Lang Suan prison in Chumphon Province, Thailand, a video showing the precarious conditions in which prisoners serve their sentences was posted on a cybersecurity channel on YouTube.

The video was titled “Thai Bangkok prison Security Camera live” and was posted on the broadcast platform last Tuesday. The video description ensures that it is 100% real footage of the day-to-day life in this prison.

At a press conference, Somsak Thepsuthin, head of Thailand’s Minister of Justice, mentioned that the country’s Department of Corrections had already detected the incident. Although Thai authorities ignore how the material leaked, they note that this has been a constant in prisons in various countries in recent times.

Thailand’s correctional department filed a complaint about the incident, which will be in charge of the Special Investigations Department, in collaboration with cybersecurity firms; authorities hope to find those responsible as soon as possible.

A local media released the statements of an anonymous informant, who claims that Thailand’s prison surveillance systems were installed by a private company, which won the contract through a procurement process. In addition, the source states that these systems have an Internet connection for real-time access to the feed. In other words, prison managers, as well as some security staff members, have extensive access to CCTV images, completely live and through any smart device.

The incident has seriously damaged the reputation of the country’s prison system. The authorities mention that it is likely that some user’s access credentials to the system had been leaked and reached into the hands of those responsible for the incident, who released the footage, showing the overcrowded conditions in which inmates must live at Lang Suan.

Early cybersecurity reports suggest that the intrusion occurred overnight on Monday, December 23; hours later the video was already online. Among other content, the YouTube channel where the video was posted, called Big Brother’s Gaze, shows similar images purportedly obtained from prisons in Australia, Russia, the US, among other countries.

Various research conducted by security firms, independent experts and organizations such as the International Institute of Cyber Security (IICS) have shown how easily a group of threat actors can compromise the integrity of a surveillance system, whether it is installed for monitoring a home, shopping malls, business environments or, as in this case, prison systems in various countries. As a cybersecurity advice, system administrators can implement some simple measures, such as multi-factor authentication, periodic password reset, and limit access to these systems only for the most trained and reliable staff.

COMPANY FIRES MORE THAN 300 EMPLOYEES DUE TO MASSIVE RANSOMWARE INFECTION

ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/12/26/company-fires-more-than-300-employees-due-to-massive-ransomware-infection/

A cyberattack can generate disastrous consequences for affected companies. Massive data loss, layoffs, fines for information security breaches and high recovery costs are catastrophic scenarios, although things can get even worse.

The worst has happened to The Heritage Company, a telemarketing agency based in Arkansas, US. This company had to fire more than 300 employees, in addition to indefinitely stopping its operations, after not being able to recover 100% from a recently occurred ransomware attack.

The company has decided not to reveal further details about the incident, such as the amount of money it has invested for its recovery process or the technical characteristics of the attack. For now, the only official statement on this subject is a letter addressed to the dismissed employees, signed by Sandra Franecke, CEO of the company, offering apologies for the decision made, arising from the loss of hundreds of thousands of dollars.

In her letter the CEO states that although the company’s information security team worked very hard on the incident recovery process, and although she even resorted to its own savings to try to keep the agency afloat, these efforts were in vain, as the company does not have sufficient resources to absorb all expenses.

“Unfortunately, about two months ago our servers were attacked with a virus that took our entire systems hostage, demanding a ransom in exchange for regaining access to our computing resources. Our information security department has been doing everything it can to get the systems back up and running again, although there’s still a lot to do,” says the CEO in her letter.

Franecke concluded her message by making it clear that the company will suspend its operations indefinitely, requesting the understanding of affected employees and ensuring that an update on the incident will be released on January 2. While there are no favorable forecasts for the restoration of operations at The Heritage Company, the CEO says she won’t give up: “My mother founded this company 60 years ago, and I’ll do everything I can to keep it afloat,” she said.

Unfortunately this is not the first time a company resorts to suspension of operations due to a cyberattack. A few months ago, information security experts from the International Institute of Cyber Security (IICS) reported a similar incident that affected forensic firm Eurofins Scientific, whose computer systems were infected with ransomware. It was reported that after going about two months without operating, the firm regained access to its systems by paying the hackers the demanded ransom.

Another attack of similar characteristics occurred at ASCO, a Belgian aircraft systems and parts developer, whose servers were compromised with ransomware, after which managers decided to provisionally send home to nearly 1500 employees, whose jobs were completely offline.